Jump to content


Member Since 30 May 2017
Offline Last Active Aug 20 2019 02:33 PM


Posted by X2Peter on 19 June 2019 - 09:01 AM

It sounds like there may be an authentication error. This can be due to a few reasons. Are you using the base64 encoded of {username:APIKey}? If so then the issue may be related to your hosting. If you are on a shared web host then you may need to add/modify your .htaccess file with the following contents:

# Allows PHP to moderate HTTP Basic authorization in CGI/FCGI so that the REST
# API's authentication method can work in shared hosting environments
RewriteCond %{HTTP:Authorization} .
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]

Let me know if this does not work for you so that we may continue troubleshooting.

#15700 In Memoriam

Posted by X2Peter on 07 June 2019 - 12:31 PM

We have a sad announcement this afternoon regarding a very special user here. Atilla, who was with us since June of 2017 passed away this month. On behalf of X2CRM I would like to send his family and friends our condolences and to Atilla personally, our appreciation for all the hard work he put on this forum. Without Atilla, X2CRM would not be where we are today and we want to again thank Atilla for all the effort he put into this forum. Thank you Atilla, and may you rest in peace.

The X2CRM team


Posted by X2Peter on 20 March 2019 - 12:42 PM

The integration is still a WIP but you can start using it by going to this link: https://zapier.com/d...e0c6e13c80b9da/


Our goal is to convert all of our workflow triggers to Zapier triggers and to convert most native actions to Zapier actions. Please feel free to update this thread with any questions/comments regarding the Zapier integration.


Posted by X2Peter on 18 March 2019 - 01:53 PM

Hello Success,


We have a Zapier integration in the works, as of now it can only do basic operations (create contacts, accounts, leads etc). Are there any features in particular you would like the integration to implement?

#15476 Issue after updating to 7.1

Posted by X2Peter on 28 January 2019 - 09:47 AM

This appears to be caused by a null variable ($hiddenTags) within protected/components/TagCloud.php. We will provide a hotfix patch this week. You can also replace:

    $tagParams = AuxLib::bindArray ($hiddenTags);
    $params = array_merge ($params, $tagParams);
    $str1=" AND tag NOT IN (".implode (',', array_keys ($tagParams)).")";


if(!is_null($hiddenTags) && count($hiddenTags)>0){
    $tagParams = AuxLib::bindArray ($hiddenTags);
    $params = array_merge ($params, $tagParams);
    $str1=" AND tag NOT IN (".implode (',', array_keys ($tagParams)).")";

in protected/components/TagCloud.php

#15473 Error 500 with openssl_decrypt() when updating to 7.1 Fix

Posted by X2Peter on 25 January 2019 - 03:06 PM

Please note that you will also need to re-enter your app credentials from manage apps, including your Google integration credentials as the previous cipher used with mcrypt has no analogous cipher in openssl.

#15439 Issue after updating to 7.1

Posted by X2Peter on 10 January 2019 - 10:00 AM

Hello JacobD,


You may need to re-generate your encryption.iv and encryption.key files in protected/config. You can do this by deleting these files (the app should then re-create them or you can manually create them by running protected/yiic cryptsetup).

#15433 X2CRM 7.1 Released - Support for PHP 7.2

Posted by X2Peter on 09 January 2019 - 04:40 PM

Hello Everyone,


Today we released X2CRM v7.1 which includes misc. bug fixes and support for PHP 7.2. Please see the release notes below:




  • General Changelog / Developer Notes

    • X2CRM is now compatible with PHP 7.1+
  • Miscellaneous bug fixes

    • Fixed issue with emailing where mail servers which are not configured to use VERP can still send email
    • Removed list option from the reporting module
    • A/B campaigns now work with dynamic lists
    • Fixed issue where 'do not email' settings would get incorrectly set
    • Fixed issue where a 500 error would occur if the 'maxFileSize' attribute was not created correctly
    • Fixed issue where X2Flow would incorrectly reference a workflow ID
    • Fixed issue where logging time on a record would incorrectly calculate time spent
    • Fixed front-end with the complete stage action in X2Workflow where the note textarea was covering the stage selection dropdown

#15302 CSFR Token Error raising its head again

Posted by X2Peter on 13 November 2018 - 04:08 PM

I believe we have resolved the issue. From what we could replicate, it appears that the request which was coming in from the web lead form requested a different path than what the CSRF filter was trying to match. I have attached a new version of the X2HttpRequest.php to this post. Please backup your current version then replace. Also please test the web leads immediately afterwards.




Let me know if you still run into the CSRF issues.

Attached Files

#15298 CSFR Token Error raising its head again

Posted by X2Peter on 13 November 2018 - 10:07 AM

This is strange, I believe we have run into issues with Safari browser users and are currently designing a fix. Would you happen to know which browsers these leads may have been using? Regardless, we are currently testing web forms with different browsers to replicate the issue. I will keep this thread updated with our results.

#15273 secure X2 with fail2ban - anyone ?

Posted by X2Peter on 07 November 2018 - 01:32 PM

Hello Noime,


I would not necessarily use notifications as a critieria for IP ban with fail2ban as the period at which the 'GET /index.php/notifications/get.*' can be configured within the admin panel (you might also inadvertently ban yourself as your browser would be maing the requests). The notification JS is run periodically to retrieve messages such as 'John Doe has opened an email!' etc and display them in the notification box (the box in the upper right corner with blue numbers). However removing them from the apache logs can be a good thing.


On our developer server we use some of the default apache fail2ban jails such as 'apache', 'apache-noscript' and 'apache-overflow'. I don't have any specific filters written out but I would recommend adding a filter for 403 errors on the login page, this should help against bots that are trying to brute force login to your app. The same goes with the API (protect against failed authentications of API).

#15270 Assign modules and reports to specific users

Posted by X2Peter on 07 November 2018 - 01:07 PM

Hello Charl,


Regarding the module assignments, we have something in the works to expand user roles such that modules would take these user-created roles into account when determining permissions. Basically there would be more options for module permissions than just 'admin only'.


Regarding the assignments for reports, we have a prototype built already and should have it ready for release early next year.

#15220 Known Issues with ver 7 upgrade

Posted by X2Peter on 29 October 2018 - 09:51 AM

Hello Donna,


X2CRM is not compatible with PHP 7.1 at this time. We will reach full compatibility before Mid-December. We do recommend backing up any site files as well as the database before update.

#15216 Error with translations - no findings in searchgrid

Posted by X2Peter on 26 October 2018 - 02:09 PM

I believe this bug existed in 6.9.3 as well (tested on a 6.9.3 version of the app) however here is the fix:



return $model === "- ".Yii::t('app', 'Select')." -" ? '' : $model;

Let me know if you still have filtering issues after this fix.

#15210 Send Emails Stopped working after 6.9.1 upgrade

Posted by X2Peter on 25 October 2018 - 11:46 AM

Hello All,


We apologize for any issues that may have occurred in 7.0 with regards to email and will release a hot-patch very soon. With regard to the XVERP issue, please do the following:

     * Whether to use VERP.
     * Default is changed to true for bounce handling
     * @link http://en.wikipedia.org/wiki/Variable_envelope_return_path
     * @link http://www.postfix.org/VERP_README.html Info on VERP
     * @var boolean
    public $do_verp = false;

in protected/components/phpMailer/class.smtp.php


as well as in protected/components/phpMailer/class.phpmailer.php:

     * Whether to generate VERP addresses on send.
     * Default is set to true for bounce handling
     * Only applicable when sending via SMTP.
     * @link https://en.wikipedia.org/wiki/Variable_envelope_return_path
     * @link http://www.postfix.org/VERP_README.html Postfix VERP info
     * @var boolean
    public $do_verp = false;